A new strain of the Petya ransomware is affecting businesses across the world. The ransomware uses multiple techniques to spread, including the same Microsoft Windows “EternalBlue” exploit used by the WannaCry ransomware that we advised of last month. Once your machine is infected, the ransomware encrypts your files and demands payment in the form of Bitcoin. If you do not pay within a few hours, the ransom goes up and ultimately your data may be wiped.
Thousands of computers around the world are getting locked up, including Russia’s largest oil production company, Rosneft; Denmark-based Maersk, the largest shipping company in the world; and New Jersey-based Merck, one of the largest pharmaceutical companies in the world.
GSC IT Solutions recommends the following actions:
- If you haven’t done so previously, update both Windows desktop and mobile systems with the Microsoft patch MS17-010. Make sure your computers are running the latest version of their operating system. If you are a GSC IT client with a Managed IT Services plan, you do not need to worry about doing this-we take care of it for you.
- Encourage your employees to be extra cautious right now – even clicking on a suspicious attachment could instigate a ransomware attack.
- Make sure you are utilizing up-to-date security software/hardware. If you utilize a firewall or other protection with annual subscriptions, it’s critical to make sure those are renewed to ensure continuous protection
- Back up files now to allow quick recovery in the event you do fall victim to a ransomware attack. If you currently use one of our backup solutions the data back-up process is being completed on a routine basis, and depending on the service you’ve subscribed to, will automatically back-up your file & folder, or complete image. In the event of a ransomware attack, you will be able to roll back your files to an unencrypted state. If you’re unsure of the back-up strategy please contact GSC IT directly to discuss in more detail.
- If your business does not have a file or image backup process in place, preferably using an off-site solution, we highly recommend you to put one in place immediately. You might even consider a more sophisticated disaster recovery program. In addition, a file/sharing program like the one we offer should be considered. While this might not eliminate the loss of data 100%, it will mitigate your loss.
What to do if your computer displays a ransomware message stating your files have been encrypted or another suspicious message:
- Shut down the computer immediately.
- Disconnect (unplug it) from all networks.
- Contact an IT security expert.
Our GSC IT technicians are standing by to assist you.
Protecting your business going forward:
- Utilize a multi-layered security approach. GSC IT Solutions has the ability to provide you with multiple levels of protection. From proactive network monitoring to firewalls to anti-virus, anti-malware, and email security, we can help you identify and block threats before they affect your system.
- Perform a security assessment on your systems. Our trained system engineers can help you evaluate your infrastructure including a security threat analysis and an overview of your disaster recovery procedures. We can provide recommendations on how best to protect your network.
- Make sure you have a strong data protection and disaster recovery strategy. If you are compromised, your business needs to make sure it can get back up and running quickly. Local backup systems need to be tested periodically and you should consider taking data off-site to a secure datacenter as it could save you valuable time and thousands of dollars in recovery fees and lost business. In addition to backing up, there needs to be a disaster plan in place in case the damage extends to your systems or infrastructure. We can help you implement a comprehensive strategy for both data protection and disaster recovery.
If you have any questions, please contact us immediately.